Hi Einar,
If TSIG is used in both directions (outbound NOTIFY, inbound XFR), I would
recommend reconfiguration to:
server:
automatic-acl: on
remote:
- id: remote01
address: 127.0.0.1
key: my_key
zone:
- domain: example.com
notify: [ remote01 ]
Daniel
On 1/15/24 12:03,
> On 15 Jan 2024, at 16:03, Anand Buddhdev wrote:
>
> On 15/01/2024 16:53, Einar Bjarni Halldórsson wrote:
>
> Hi Einar,
>
>> But do I need the TSIG key configured both in remote section, and in acl
>> section?
>> I guess my point is, what is the purpose of the key attribute in remote
>>
On Mon, 15 Jan 2024 15:53:16 +
Einar Bjarni Halldórsson wrote:
> But do I need the TSIG key configured both in remote section, and in
> acl section?
>
> I guess my point is, what is the purpose of the key attribute in
> remote section?
That is used for TSIG authenticated notifies.
--
On 15/01/2024 16:53, Einar Bjarni Halldórsson wrote:
Hi Einar,
But do I need the TSIG key configured both in remote section, and in acl
section?
I guess my point is, what is the purpose of the key attribute in remote section?
If you configure a TSIG key in the remote section, then the
Hi Tuomo,
> On 15 Jan 2024, at 15:45, Tuomo Soini wrote:
>>
>>
>> Couldn’t I just remove key attribute from the remote, since the acl
>> declares the address and key that are allowed to transfer the zone?
>
> Remote declaration needs port and acl doesn't have port (allows all
> source ports).
On Mon, 15 Jan 2024 11:03:49 +
Einar Bjarni Halldórsson wrote:
> Hi,
>
> I’m updating our config files and I’m wondering if we need to set
> ‘key’ in remotes section, and in acl section? If I have this in my
> config:
>
> remote:
> - id: remote01
> address: 127.0.0.1
> key: